IETF Logo Mail Archive

Re: [tcpm] TCP-AO: Text for New_Key Process

Joe Touch <touch@ISI.EDU> Thu, 29 January 2009 15:16 UTC

Return-Path: <tcpm-bounces@ietf.org>
X-Original-To: tcpm-archive@megatron.ietf.org
Delivered-To: ietfarch-tcpm-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 452353A68DF; Thu, 29 Jan 2009 07:16:16 -0800 (PST)
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0216D3A68DF for <tcpm@core3.amsl.com>; Thu, 29 Jan 2009 07:16:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UYnFDCpqnVFT for <tcpm@core3.amsl.com>; Thu, 29 Jan 2009 07:16:13 -0800 (PST)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by core3.amsl.com (Postfix) with ESMTP id D0D0A3A68DB for <tcpm@ietf.org>; Thu, 29 Jan 2009 07:16:13 -0800 (PST)
Received: from [75.210.185.39] (39.sub-75-210-185.myvzw.com [75.210.185.39]) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id n0TFFGpU020019; Thu, 29 Jan 2009 07:15:18 -0800 (PST)
Message-ID: <4981C803.8040504@isi.edu>
Date: Thu, 29 Jan 2009 07:15:15 -0800
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.19 (Windows/20081209)
MIME-Version: 1.0
To: Eric Rescorla <ekr@networkresonance.com>
References: <7.1.0.9.2.20081219010400.02bfd3d8@gmail.com> <496d9941.18038e0a.5558.ffffd3a6@mx.google.com> <497F7DDC.70309@isi.edu> <20090128162756.3799450822@romeo.rtfm.com> <49808E94.8050107@isi.edu> <20090128175345.C434E50822@romeo.rtfm.com> <49809CBC.5080603@isi.edu> <20090129065500.243E550822@romeo.rtfm.com>
In-Reply-To: <20090129065500.243E550822@romeo.rtfm.com>
X-Enigmail-Version: 0.95.7
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: tcpm@ietf.org, Allison Mankin <mankin@psg.com>, skonduru@juniper.net
Subject: Re: [tcpm] TCP-AO: Text for New_Key Process
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Eric Rescorla wrote:
> At Wed, 28 Jan 2009 09:58:20 -0800,
> Joe Touch wrote:
>> Eric Rescorla wrote:
>>>> I've already shown a way to achieve this without requiring the use of
>>>> the NEW key, i.e., that used two KeyIDs with the OLD key, using the
>>>> change in the KeyID to inform the endpoints. I've also described in that
>>>> email a way to achieve this using the current API, without asking TCP-AO
>>>> to generate new packets or to do anything conditional _inside_ TCP-AO;
>>>> this can (and, IMO, should) all be accomplished with an external
>>>> mechanism, with __no__ impact on the stack.
>>> I read your mechanism, but I'm not sure it works.
>>>
>>> The basic unit of operation here isn't keys but key-ids. It's true that
>>> in your example key-id 6 refers to the same key as key-id 5, but that's
>>> not something that the stack should be observing.
>> The stack doesn't observe it; the stack reports it if asked to an
>> external process.
> 
> As I've indicated before, I think this whole external process thing
> is overcomplicating matters. Key management daemons are a bug,
> not a feature, and it would be much better if things could
> be constructed so the TCP-AO module would do everything. 
> 
> 
>>> If your point is that at the time I install key-id 5 I also install a
>>> dummy key-id 6, and use that purely for signalling, I agree that that
>>> would work, but it strikes me as extremely kludgy. 
>> It allows side A to tell side B when side A has a new key installed,
>> without causing any packets to fall on the floor on side B (note that
>> retransmissions, if received, could open the congestion window
>> inappropriately).
>> The mechanism I proposed achieved with no modifications to the TCP stack.
> 
> Yes, by laying the burden on some as yet nonexistent key management
> mechanism.

We can bury the mechanism I suggest inside TCP-AO if desired, but I
think that just ends up making it even more heavyweight. Automated key
management is a mechanism that does not need to be inside TCP-AO - we
were given that direction by the ADs from the start.

>> The other mechanisms suggested all have the property of also using the
>> KeyID value as a signal. The only downside of the mechanism I proposed
>> is that is inefficient in the use of the KeyID space - however, the
>> space is large enough that this isn't an issue.
> 
> That's far from the only downside.
> 
> For one, consider what happens if key 7 is misconfigured. In Greg's
> system, everything works fine, because packets with MAC failures are
> dropped.

I cannot believe TCP-AO needs to handle misconfigured keys. This is
supposed to be a lightweight mechanism.

> In your system, the 5-6 transition is used to signal the
> availability of 7, but if that transition fails the connection just
> falls over.

It's trivial to handle misconfigured keys in a similar fashion in the
mechanism I proposed - when you get keyID6, you switch to using keyID7;
if you don't get ACKs after some timeout, you revert back. Again, this
can be done without burying the mechanism inside TCP (you can do it by
sampling the keyIDs received).

>>> There's no natural
>>> connection between the switch from 5-6 and the switch from 5-7.
>> Why should there be? IMO, it's up to the endpoints to decide how and
>> when to switch keys; key change coordination needs to be _enabled_ by
>> TCP-AO, but not provided by it. IMO, that's a KMS issue - whether
>> automated at the endpoints, or via a protocol.
> 
> Again, I don't agree. TCP-AO should work fine without some additional
> KMS, and that includes having unsynchronized key changes work correctly.

TCP-AO *supports* key management; it doesn't include it. Synchronizing
key changes is key management.

Joe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkmByAMACgkQE5f5cImnZruddwCg3ZkQCiYv/I7nhosYMvXVYCwL
odoAoKUq3Fxsu0SN9crhAwC3di60GBJ1
=60My
-----END PGP SIGNATURE-----
_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email